freeeve / roaringrange / 28146543173
84%

Build:
DEFAULT BRANCH: main
Ran 25 Jun 2026 04:18AM UTC
Jobs 1
Files 16
Run time 1min
25 Jun 2026 04:17AM UTC coverage: 84.204%. Remained the same
28146543173

push

github

freeeve
fix(reader): harden index parsers against malicious inputs + add mutation fuzz harness

Treat index bytes as untrusted (hostile origin or a corrupt/partial upload) and
close the denial-of-service vectors a crafted file could trigger in the wasm
reader — panics (wasm traps), out-of-bounds slices, unbounded allocation, and a
decompression bomb:

- fetch: checked arithmetic in read_coalesced (overflow on attacker-controlled
  posting offsets); 32-bit-safe span and slice-back math via try_from + get.
- vector: checked boot-region size arithmetic in VectorIndex::open — a wrapping
  nlist*dim*4 yielded a short fetch then out-of-bounds read_f32_vec / OOM.
- model2vec: checked section-offset arithmetic in from_bytes — a wrapping
  vocab_size*dim defeated the length bound (OOB slice / OOM HashMap capacity).
- records: cap zstd record inflation at 64 MiB (a tiny frame could inflate to
  gigabytes and OOM the reader).
- terms: verify the router FST CRC32 at open (the fst crate asserts on a corrupt
  node when streamed, and wasm aborts on panic); checked offset math in
  head_block; saturate dict/posting offsets; cap the dict_terms capacity hint.
- terms_dict: cap the front-coded block term capacity at prev.len() (a raw
  shared-prefix varint requested terabyte allocations); checked suffix span.
- bm25: checked impact-offset arithmetic in rerank.

Adds src/fuzz_tests.rs: deterministic mutation fuzzing (byte writes, count/offset
inflation, truncation, u32/u64 boundary values) of the RRS/RRSF/RRIL/RRSC/RRSR/
RRTI/RRSB/RRVR/RRM2/RRHC parsers, the RRSS manifest, and the multi-file RRSS
split search (corrupt each split/facet body against a valid manifest); an RRVI
boot-overflow regression; and adversarial query strings (large + pathological-
Unicode input through the ngram, tokenizer, and embed paths) — asserting open()
and a query path return Err rather than panic or OOM. The harness found every
bug above.
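
The size-arithmetic failure the message describes for the vector boot region, as an added Rust example. It is not code from roaringrange: the header layout (little-endian u32 `nlist` and `dim`, then `nlist*dim` f32 values) and the names `open_centroids`, `OpenError` and `sample` are assumptions made for illustration. The wrapping variant uses explicit 32-bit math to mirror wasm32, where `usize` is 32 bits.

```rust
use std::convert::{TryFrom, TryInto};

// Assumed layout (hypothetical, not the project's format):
// [nlist: u32 LE][dim: u32 LE][nlist * dim f32 values, LE]

/// Unsafe pattern: 32-bit size math that silently wraps, as on wasm32.
fn region_len_wrapping(nlist: u32, dim: u32) -> u32 {
    nlist.wrapping_mul(dim).wrapping_mul(4)
}

/// Hardened pattern: None means the claimed size cannot be represented.
fn region_len_checked(nlist: u32, dim: u32) -> Option<u32> {
    nlist.checked_mul(dim)?.checked_mul(4)
}

#[derive(Debug, PartialEq)]
enum OpenError { Truncated, SizeOverflow }

/// Parse the assumed header; return Err instead of panicking on bad input.
fn open_centroids(buf: &[u8]) -> Result<Vec<f32>, OpenError> {
    let hdr = buf.get(..8).ok_or(OpenError::Truncated)?;
    let nlist = u32::from_le_bytes(hdr[0..4].try_into().unwrap());
    let dim = u32::from_le_bytes(hdr[4..8].try_into().unwrap());
    let len = region_len_checked(nlist, dim).ok_or(OpenError::SizeOverflow)?;
    let len = usize::try_from(len).map_err(|_| OpenError::SizeOverflow)?;
    let end = 8usize.checked_add(len).ok_or(OpenError::SizeOverflow)?;
    // get() yields None when the body is shorter than the header claims.
    let body = buf.get(8..end).ok_or(OpenError::Truncated)?;
    Ok(body.chunks_exact(4)
        .map(|c| f32::from_le_bytes(c.try_into().unwrap()))
        .collect())
}

/// Constructed sample input: a header plus `floats` zero-valued f32s.
fn sample(nlist: u32, dim: u32, floats: usize) -> Vec<u8> {
    let mut v = Vec::new();
    v.extend_from_slice(&nlist.to_le_bytes());
    v.extend_from_slice(&dim.to_le_bytes());
    v.resize(8 + floats * 4, 0);
    v
}

fn main() {
    // 0x4000_0001 * 4 * 4 wraps to 16: a 16-byte region for ~4 billion floats.
    println!("wrapping: {}", region_len_wrapping(0x4000_0001, 4));
    println!("hostile:  {:?}", open_centroids(&sample(0x4000_0001, 4, 4)));
    println!("valid:    {:?}", open_centroids(&sample(2, 2, 4)).map(|v| v.len()));
}
```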

1418 of 1684 relevant lines covered (84.2%)

26.3 hits per line

Jobs
ID | Job ID | Ran | Files | Coverage
1 | 28146543173.1 | 25 Jun 2026 04:18AM UTC | 16 | 84.2
  • 45fa50fa on github